According to reports published by ThreatFabric, Android apps on the Google Play Store that stole banking details were downloaded more than 300,000 times by unsuspecting users. These seemingly harmless apps masqueraded as QR scanners, cryptocurrency wallets, and PDF scanners while stealing sensitive financial data. Passwords, two-factor authentication codes, logged keystrokes, and much more were stolen by these apps, which mainly fall under four malware families: Anatsa, Alien, Hydra, and Ermac. Google has tried to combat the problem by introducing a number of restrictions aimed at curbing the distribution of such apps. This, in turn, has prompted the people behind the malware to develop ingenious methods of bypassing Google Play Store security restrictions.
As explained by ThreatFabric, the malicious content is not delivered directly through the Google Play Store, which is how the apps avoid detection. Instead, the apps lure users into downloading additional updates from third-party sources. The cybercriminals have gone so far as to manually trigger the download of such updates after having tracked the location of the devices on which these apps were downloaded.
The malicious apps identified by the cybersecurity experts include QR Scanner, QR Scanner 2021, Two Factor Authenticator, Protection Guard, QR CreatorScanner, Master Scanner Live, CryptoTracker, PDF Document Scanner, PDF Document Scanner Free, and Gym and Fitness Trainer.
Of the four predominant malware families, Anatsa tops the list with over 100,000 downloads. The large number of downloads and good reviews, as well as the decent functionality of the apps themselves, gave them an appearance of legitimacy. After being downloaded from the Google Play Store, however, these apps prompted users to download additional third-party content before the apps could be used. This content turned out to be malware which, once installed, was able to steal sensitive financial details and capture all activity on the device’s screen.
In an April blog post, Google detailed the measures it has been taking to counteract such malicious apps, including restricting the amount of access developers have to sensitive information. However, Google Play Protect does not provide an adequate level of security, especially when compared with the prominent anti-malware programs on the market, according to a July test by the German IT security institute AV-Test. Around 20,000 malicious apps were tested, and Google Play Protect detected only about two-thirds of them.